Feed aggregator

Article URL: https://fission.codes/blog/functions-everywhere-only-once/

Comments URL: https://news.ycombinator.com/item?id=39849837

Points: 1

# Comments: 0

Article URL: https://ironsides.martincarlisle.com/ICRST2013.pdf

Comments URL: https://news.ycombinator.com/item?id=39849818

Points: 2

# Comments: 0

Google has released an update to Chrome which includes seven security fixes. Version 123.0.6312.86/.87 of Chrome for Windows and Mac and 123.0.6312.86 for Linux will roll out over the coming days/weeks.

The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong—such as an extension stopping you from updating the browser.

So, it doesn’t hurt to check now and then. And now would be a good time, given the severity of the vulnerability in this patch. My preferred method is to have Chrome open the page chrome://settings/help which you can also find by clicking Settings > About Chrome.

If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is relaunch the browser in order for the update to complete, and for you to be safe from those vulnerabilities.

After the update, the version should be 123.0.6312.86, or later

Technical details

Google never gives out a lot of information about vulnerabilities, for obvious reasons. Access to bug details and links may be kept restricted until a majority of users are updated with a fix.

There is one critical vulnerability that looks like it might be of interest to cybercriminals.

CVE-2024-2883: Use after free (UAF) vulnerability in Angle in Google Chrome prior to 123.0.6312.86 could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Angle is a browser component that deals with WebGL (short for Web Graphics Library) content. WebGL is a JavaScript API for rendering interactive 2D and 3D graphics within any compatible web browser without the use of plug-ins.

UAF is a type of vulnerability that is the result of the incorrect use of dynamic memory during a program’s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to manipulate the program. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. In this case, when the vulnerability is exploited, it can lead to heap corruption.

Heap corruption occurs when a program modifies the contents of a memory location outside of the memory allocated to the program. The outcome can be relatively benign and cause a memory leak, or it may be fatal and cause a memory fault, usually in the program that causes the corruption.

Chromium vulnerabilities are considered critical if they “allow an attacker to read or write arbitrary resources (including but not limited to the file system, registry, network, etc.) on the underlying platform, with the user’s full privileges.”

So, to sum this up, in this case an attacker could create a specially crafted HTML page–which can be put online as a website–that exploits the vulnerability, potentially leading to a compromised system.

My suggestion: don’t wait for the update, get it now.

We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using ThreatDown Vulnerability and Patch Management.

Article URL: https://www.bleepingcomputer.com/news/security/tors-new-webtunnel-bridges-mimic-https-traffic-to-evade-censorship/

Comments URL: https://news.ycombinator.com/item?id=39849804

Points: 1

# Comments: 0

Article URL: https://github.com/stitchng/adonis-extensions

Comments URL: https://news.ycombinator.com/item?id=39849802

Points: 1

# Comments: 0

Article URL: https://cellfig.com/

Comments URL: https://news.ycombinator.com/item?id=39849795

Points: 1

# Comments: 0

Article URL: https://ejona.ersoft.org/archive/2024/03/03/flatpak-perm-survey/

Comments URL: https://news.ycombinator.com/item?id=39849784

Points: 1

# Comments: 0

Article URL: https://www.schneier.com/blog/archives/2024/03/llm-prompt-injection-worm.html

Comments URL: https://news.ycombinator.com/item?id=39849783

Points: 1

# Comments: 0

Article URL: https://github.com/codesplinta/URISanity

Comments URL: https://news.ycombinator.com/item?id=39849778

Points: 1

# Comments: 0

Article URL: https://library.harvard.edu/statement-des-destinees-de-lame

Comments URL: https://news.ycombinator.com/item?id=39849773

Points: 2

# Comments: 0

More games from Activision Blizzard will likely join the service in the future as well.

A WIRED investigation uncovered coordinates collected by a controversial data broker that reveal sensitive information about visitors to an island once owned by Epstein, the notorious sex offender.

In just the first two months of 2024, threat intelligence firm Flashpoint has logged dramatic increases in all major threat indicators.

The post Threat Indicators Show 2024 is Already Promising to be Worse Than 2023 appeared first on SecurityWeek.

The US is offering a reward of up to $10 million for information on BlackCat ransomware affiliates that targeted US critical infrastructure.

The post US Offering $10 Million Reward for Information on Change Healthcare Hackers appeared first on SecurityWeek.

In a landscape where 90% of machine learning models falter before reaching production, the imperative for robust model evaluation has never been clearer. The efficacy of machine learning hinges not only on technological prowess but also on astute application and evaluation methodologies.

The Importance of Model Evaluation in Machine Learning

Ensuring optimal model performance is not a mere aspiration but a strategic necessity. By adopting rigorous evaluation practices, organizations can:

- Ascertain Optimal Performance: Benchmark models against diverse alternatives to ensure peak performance.

- Ensure Reliability: Validate models' behavior and integrity, crucial for real-time applications.

- Avert Catastrophe: Prevent financial losses and user dissatisfaction through a thorough evaluation.

- Address Data Leakage: Safeguard against inadvertent data influences to maintain model integrity.

- Enable Continuous Monitoring: Adapt models to evolving environments through ongoing evaluation.

Evaluating Metrics and Techniques for Success

Choosing the right evaluation metrics is pivotal for accurate assessment:

- Accuracy, Precision, Recall, F1-score, and ROC-AUC offer nuanced insights into model performance across diverse scenarios.

- Techniques like Cross-Validation, Holdout Validation, Bootstrapping, and Stratified Sampling cater to various data types and challenges, ensuring robust evaluations.

Navigating Challenges with Best Practices

Effective model evaluation hinges on adherence to best practices, such as:

- Implementing proper data splitting and metric selection mitigates bias and aligns evaluation with model objectives.

- Avoiding common pitfalls like data leakage and overfitting enhances model validity and relevance.

- Continuous model monitoring and re-evaluation ensure adaptability and sustained performance.

Learn how model evaluation can prevent common pitfalls and guarantee optimal performance and reliability.

Read the Full Article on here- https://www.markovml.com/blog/model-evaluation-metrics

#ModelEvaluation #MachineLearningMetrics #MLPerformance #DataIntegrity #EvaluationTechniques #ModelValidity #PerformanceBenchmarking #DataLeakagePrevention #ContinuousMonitoring #MLBestPractices #MachineLearning #ModelPerformanceEval

Comments URL: https://news.ycombinator.com/item?id=39849562

Points: 1

# Comments: 0

Article URL: https://www.nature.com/articles/s41586-024-07220-7

Comments URL: https://news.ycombinator.com/item?id=39849560

Points: 1

# Comments: 1